Extracting The Overlay Of A PE File
In diary entries "Huge Signed PE File" and "Huge Signed PE File: Keeping The Signature" I explain how to get rid of the overlay in a huge PE file.
What commands do you need to issue if you do want the overlay (e.g., for analysis)?
To achieve this, follow the steps as I explained there, up until the extraction of the stripped PE file (-g s, where s stands for stripped). Then issue a similar extraction command, but use -g o (o stands for overlay) to extract the overlay instead.
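As an added illustration (not the diary's own tool or code), the routine below locates the overlay the way a PE parser does, as the end of the last section's raw data, and splits a file into the stripped PE and the overlay. It builds a tiny constructed PE inline so it runs offline, skips sections that have no raw data on disk, and clamps the computed end to the file length so a truncated file yields an empty overlay rather than a bogus offset.

```python
import struct

SECTION_HEADER_SIZE = 40


def overlay_offset(data: bytes) -> int:
    """Return the file offset where the overlay starts, i.e. the end of the
    last section's raw data. Equals len(data) when there is no overlay."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                                  # start of COFF header
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    sec = coff + 20 + opt_size                           # first section header
    end = sec + num_sections * SECTION_HEADER_SIZE       # at least past the headers
    for i in range(num_sections):
        # SizeOfRawData and PointerToRawData sit at offsets 16 and 20 of the header
        raw_size, raw_ptr = struct.unpack_from("<II", data, sec + i * SECTION_HEADER_SIZE + 16)
        if raw_ptr == 0:
            continue                                     # section has no data on disk
        end = max(end, raw_ptr + raw_size)
    return min(end, len(data))                           # truncated file: no overlay


def split_pe(data: bytes):
    """Return (stripped PE, overlay); the stripped part is what -g s yields."""
    off = overlay_offset(data)
    return data[:off], data[off:]


def build_sample_pe(overlay: bytes) -> bytes:
    """Constructed minimal PE32 image (not a runnable program) with one
    section at file offset 0x200, followed by the given overlay bytes."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    opt = b"\0" * 0xE0                                   # zeroed PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, len(opt), 0x102)
    # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, rest zero
    sec = struct.pack("<8sIIII", b".text", 0x200, 0x1000, 0x200, 0x200) + b"\0" * 16
    headers = dos + b"PE\0\0" + coff + opt + sec
    headers += b"\0" * (0x200 - len(headers))            # pad headers to first section
    return headers + b"\xCC" * 0x200 + overlay


if __name__ == "__main__":
    sample = build_sample_pe(b"OVERLAY-DATA")
    stripped, overlay = split_pe(sample)
    print(hex(len(stripped)), overlay)
```

On a real signed binary the overlay is also where the Authenticode certificate table normally lives, which is why the earlier diaries distinguish between dropping the overlay and keeping the signature.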
Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com